PT-2023-22757 · Jenkins · Jenkins Lucene-Search Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Lucene-Search Plugin versions 387.v938a ecb f7fe9 and earlier Description: The issue allows attackers to reindex the database due to the lack of requirement for POST requests for an HTTP endpoint, resulting in a cross-site request...

The vulnerability of the Jenkins Lucene-Search Plugin, related to the lack of security measures for website structure protection, allows attackers to execute XSS attacks.

The vulnerability of the Jenkins Lucene-Search Plugin exists due to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

CVE-2022-36910

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them...

Jenkins Lucene-Search Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability ...